[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index][Top&Search][Original]

[PATCH 5.005_63 IO] Avoid shelling on backwhacks



I'm not sure about this one. I'm really not sure about this one.
Somebody will find a clever way of breaking it, no doubt, but it
might be useful.

As you know, pp_exec calls out to the shell when it sees
any shell metacharacters. One of those characters in the list is
the backslash. However, I'm not sure the presence of a backslash
a good reason to shell - the only thing the shell is going to do (if
I've got this right) is to escape the following character. Well,
we can do that ourselves. This patch turns, for example, "ls \*"
into "ls","*" without shelling out.

--- doio.c	Thu Jan 13 11:42:13 2000
+++ doio.c_	Thu Jan 13 11:44:51 2000
@@ -1200,6 +1200,7 @@
 {
     register char **a;
     register char *s;
+    register int backwhacked;
     char flags[10];
 
     while (*cmd && isSPACE(*cmd))
@@ -1247,7 +1248,12 @@
 	goto doshell;
 
     for (s = cmd; *s; s++) {
-	if (*s != ' ' && !isALPHA(*s) && strchr("$&*(){}[]'\";\\|?<>~`\n",*s)) {
+	backwhacked = (*s == '\\');
+	if (backwhacked)
+		s++;
+	if (*s != ' ' && !isALPHA(*s) && strchr("$&*(){}[]'\";\\|?<>~`\n",*s) 
+	    && !backwhacked) {
+
 	    if (*s == '\n' && !s[1]) {
 		*s = '\0';
 		break;
@@ -1276,6 +1282,8 @@
     PL_Cmd = savepvn(cmd, s-cmd);
     a = PL_Argv;
     for (s = PL_Cmd; *s;) {
+	if (*s == '\\')
+		s++;
 	while (*s && isSPACE(*s)) s++;
 	if (*s)
 	    *(a++) = s;


Follow-Ups from:
Ilya Zakharevich <ilya@math.ohio-state.edu>

[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index][Thread Index][Top&Search][Original]